const http = require('http')
const fs = require('fs')
http.createServer(function (request, response) {
  console.log('request come', request.url)


  if (request.url === '/') {
    const html = fs.readFileSync('test.html', 'utf8')
    response.writeHead(200, {
      'Content-Type': 'text/html',
      // 'Content-Security-Policy': 'default-src http: https:'
      //'Content-Security-Policy-Report-Only'允许加载，只是把信息返给服务器
      // 'self' 只加载本域名的js default-src会img  等都不能外链 script-src  只限制script
      // 'Content-Security-Policy': 'default-src \'self\' http://code.jquery.com; form-action \'self\';report-uri /report'
    })
    response.end(html)
  } else {
    response.writeHead(200, {
      'Content-Type': 'application/javascript'
    })
    response.end('console.log("loaded script")')
  }
}).listen(5464)
console.log('server listening on 5464')